sublime-rules issues

Update body_bec_mobile_solicitation.yml

1

# Description adding additional keyword to body regex # Associated samples - https://platform.sublime.security/messages/685d802f0fac0ba07e9cafbd9855867a0362c5c7bdbace88cd1e20c7b984b6de?preview_id=0195f355-f2bc-70d7-87f6-b84682c45c43 - https://platform.sublime.security/messages/bc65bce36b77c9f7c8a63418eba1afa486c3b5fac8d11f50f9fa096e0f939386?preview_id=0195f352-3e26-7dd6-bb59-c4300d4033d9

peterdj45

in-test-rules

Create link_klaviyo_link_abuse.yml

2

# Description Add coverage for abused Klavyio links ## Associated hunts - [Hunt 1](https://platform.sublime.security/messages/hunt?huntId=0194f7dd-0539-708a-b543-81cd67b5b86d)

zoomequipd

in-test-rules

do-not-merge

Update GitHub Actions to use pinned hash references

## Description This PR updates all GitHub Actions in the workflow files to use specific commit hashes rather than version tags. This follows GitHub's security best practice of using hash-pinned...

wroersma

Create brand_impersonation_bbb.yml

9

# Description Brand Impersonation of the Better Business Bureau (BBB)

morriscode

in-test-rules

Add generic security login alert phishing detection rule

1

# Description This PR adds a new rule for detecting login security alert phishing attempts that is brand-agnostic. Current phishing detection rules are often specific to particular brands (Microsoft, Chase,...

morriscode

in-test-rules

Update link_credential_phishing_voicemail_language.yml

4

# Description Include logic for Topic Analysis > [!WARNING] > Makes use of `beta.ml_topic` # Associated samples - [Sample 1](https://platform.sublime.security/messages/d51c632c59b7bd01dfca95c3798d2d9f3bc77f983777ca76f47785393790818b)

zoomequipd

in-test-rules

pending-external-task

Add 'sad update' to spam detection rules

# Description adding `sad update` as a suspicious keyword # Associated samples - https://platform.sublime.security/messages/4fae15fa633c5812345126432c8aa50a78179d166910a4724fb341b1487626fd

peterdj45

in-test-rules

Update attachment_legal_pdf_link.yml

# Description Added emoji check and additional PDF indicators. # Associated samples - https://platform.sublime.security/messages/4fadec5d34b2eadef4a6fdbfca0d0bc77b85b55242778993219ceecb84f02d87?preview_id=019a55ae-2b9e-7c5c-b876-942645a1ebe7

aidenmitchell

hunting-required

test-rules:excluded:link_analysis

Create link_crypto_fraud.yml

# Description Detects messages containing financial communications about cryptocurrency or bitcoin with links to suspicious domains, URL shorteners, newly registered domains, or domains with known cryptocurrency fraud indicators. The rule...

aidenmitchell

hunting-required

test-rules:excluded:link_analysis

LWescott updating brand_impersonation_google_careers to exclude the sublime domain from the sender exclusion

# Description From a runner. Customers were getting these high-severity rules triggering for news letters being sent from us about Google Careers work. It's a little behind the ball here,...

IndiaAce

in-test-rules

sublime-rules
sublime-rules copied to clipboard

Metadata

Update body_bec_mobile_solicitation.yml

Create link_klaviyo_link_abuse.yml

Update GitHub Actions to use pinned hash references

Create brand_impersonation_bbb.yml

Add generic security login alert phishing detection rule

Update link_credential_phishing_voicemail_language.yml

Add 'sad update' to spam detection rules

Update attachment_legal_pdf_link.yml

Create link_crypto_fraud.yml

LWescott updating brand_impersonation_google_careers to exclude the sublime domain from the sender exclusion

← Metadata

Owner

Metadata

sublime-rules sublime-rules copied to clipboard

Metadata

← Metadata

Owner

Metadata

sublime-rules
sublime-rules copied to clipboard